Overview of bibliographic record number: 1203976
Detecting network applications using firewall logs
Detecting network applications using firewall logs // Proceedings of the International Convention MIPRO
Opatija, Croatia, 2022, pp. 1-7, doi:10.23919/MIPRO55190.2022.9803394 (lecture, international peer review, full paper (in extenso), scientific)
CROSBI ID: 1203976
Title
Detecting network applications using firewall logs
Authors
Adrian Komadina, Mihael Marović, Stjepan Groš
Type, subtype and category of work
Conference proceedings papers, full paper (in extenso), scientific
Source
Proceedings of the International Convention MIPRO
2022, pp. 1-7
Conference
45th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO 2022)
Place and date
Opatija, Croatia, 23 May 2022 - 27 May 2022
Type of participation
Lecture
Type of review
International peer review
Keywords
network applications ; firewall ; logs ; classification
Abstract
Every day, many firewall logs are generated that contain a lot of useful information about the devices and applications in a network. In this paper, we try to detect network applications using only the data in firewall logs. Detection of such applications could be used for audit, for gaining better visibility into the network, and for creating better firewall policies. Two approaches were implemented for network application detection: one based on classification methods and the other based on distances between samples using three different metrics. The methods we experimented with were based on ports and IP addresses only. An analysis of ports was carried out to reduce the number of different ports used as features for classification. In addition to the methods implemented, a measure of certainty was developed based on the number of different ports used for classification. Based on partial knowledge of the target environment, the methods were continuously improved, from which conclusions were drawn and results presented. In reviewing the results, an analysis of the results of the two approaches was carried out. The approaches were compared based on the advantages and disadvantages of each approach in terms of the information they provide.
Original language
English
Scientific fields
Electrical engineering, Computing
WORK AFFILIATION
Institutions:
Fakultet elektrotehnike i računarstva, Zagreb